The Xbox Live Bans: A Cautionary Tale of the TOS

"Your console has been banned." For many gaming enthusiasts, perhaps nothing is more unnerving than the prospect of losing the ability to duel with friends and strangers over the Internet for hours on end. Yet earlier this month, this fear became a reality for many Xbox owners when Microsoft banned a large number of consoles from its Xbox Live service. The move effectively prevents the machines from playing games online, and according to reportssofar, the ban allegedly only affects consoles that have been modified by users in order to play pirated games. While Microsoft has not said how many machines were affected (other than shooting down the initially reported figure of 1 million), the sheer quantity of banned Xbox 360s that have shown up for resale on sites like eBay and craigslist suggests the number is still quite large. Corresponding with one of the most anticipated multiplayer title releases of the year, the ban sends a strong that Microsoft is not afraid to hit users where it hurts when it comes to their bottom line.

Yet, while the obvious lesson some may take away from this is, "Don't steal games," there is a much more subtle point to be made here about the power of online service providers wield over their users through their Terms of Service Agreements (or TOS).

No matter how much we rely on them to get on with our everyday lives, access to online services—like email, social networking sites, and (wait for it) online gaming—can never be guaranteed. That's because use of these services are generally governed by a Terms of Service ("TOS") agreement, in which you agree the operator may do what it wants, when it wants, regardless of how much time, effort, and money you invested. In the words, he who writes the TOS makes the rules, and when it comes to enforcing them, the service provider often behaves as though it is also the judge, jury and executioner.

. . . You agree that you are using only authorized software and hardware to access the Service, that your software and hardware have not been modified in any unauthorized way (e.g., through unauthorized repairs, unauthorized upgrades, or unauthorized downloads), and that . . . [a]ny attempt to . . . modify. . . any hardware or software associated with [Xbox Live] or with an original Xbox or Xbox 360 console is strictly prohibited . . . .

"Violators Will Found And Punished"

[Microsoft has] the right to send data, applications or other content to any software or hardware that you are using to access the Service for the express purpose of detecting an unauthorized modification. . . . [which] may result in cancellation of your account and/or your ability to access the Service, and the pursuit of other legal remedies by Microsoft.

"There Will Be No Trial. There is No Right to Appeal"

Microsoft reserves complete and sole discretion with respect to the operation of the Service.

Players who find their Gamertags banned from Xbox Livehave wound up in that situation due to violations of the XboxLive Terms of Use. . .

When a Gamertag comes up as violating our policies for online behavior, the person who owns that Gamertag is punished by being banned from the service. Keep in mind, this isn't just a ban on a particular game. This is a ban on the Xbox Live service as a whole, so you won't be able to go online at all during your ban. Initially, you may be banned for a day, a week, or depending on severity, permanently! Kiss that $50 goodbye.

Of course, these "absolute power to terminate" clauses are in no way unique to the Xbox Live TOS. While the mass ban provides a useful illustration of their danger, these terms can be found in nearly all TOS agreement for all kinds of services. There have been virtually no legal challenges to these kinds of arbitrary termination clauses, but we imagine this will be a growth area for lawyers. After all, imagine that instead of losing the ability to play games, you suddenly are unable to check your email. In that case, it will be more than $50 that you'll be kissing goodbye.

Related Updates

EFF is introducing a new Coders' Rights project to connect the work of security research with the fundamental rights of its practitioners throughout the Americas. The project seeks to support the right of free expression that lies at the heart of researchers' creations and use of computer code to...

Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Tomorrow, you'll get your chance. Information security has never been more important: now that everything from a car to a...

Congress has never made a law saying, "Corporations should get to decide who gets to publish truthful information about defects in their products,"— and the First Amendment wouldn't allow such a law — but that hasn't stopped corporations from conjuring one out of thin air, and then defending it as...

Update: Canadian authorities announced on May 7 that they dropped all charges against the teen they had previously accused of unauthorized use of a computer service for downloading public records from a government website. Canadian authorities should drop charges against a 19-year-old Canadian accused of “unauthorized use...

For tech lawyers, one of the hottest questions this year is: can companies use the Computer Fraud and Abuse Act (CFAA)—an imprecise and outdated criminal anti-“hacking” statute intended to target computer break-ins—to block their competitors from accessing publicly available information on their websites? The answer to this question has wide-ranging...

Despite the full-throated objections of the cybersecurity community, the Georgia legislature has passed a bill that would open independent researchers who identify vulnerabilities in computer systems to prosecution and up to a year in jail. EFF calls upon Georgia Gov. Nathan Deal to veto S.B. 315 as soon...

Last weekend’s Cambridge Analytica news—that the company was able to access tens of millions of users’ data by paying low-wage workers on Amazon’s Mechanical Turk to take a Facebook survey, which gave Cambridge Analytica access to Facebook’s dossier on each of those turkers’ Facebook friends—has hammered home two problems: first...

Deputy Attorney General Rod Rosenstein delivered a speech on Tuesday about what he calls “responsible encryption” today. It misses the mark, by far. Rosenstein starts with a fallacy, attempting to convince you that encryption is unprecedented: Our society has never had a system where evidence of criminal wrongdoing...

EFF, joined by Public Knowledge, filed an amicus brief today asking the Court of Appeals for the Federal Circuit to revisit one of its worst decisions ever. Three years ago this month, in Oracle v. Google, the Federal Circuit held that the Java Application Programming...

This year was one of the busiest in recent memory when it comes to cryptography law in the United States and around the world. But for all the Sturm und Drang, surprisingly little actually changed in the U.S. In this post, we’ll run down the list of things that happened...